scap-security-guide/SOURCES/scap-security-guide-0.1.58-update_stig_mapping_table-PR_7327.patch

From ea1bab197a17dd944e41a583c82c3cc757bb566b Mon Sep 17 00:00:00 2001
From: Gabriel Becker <ggasparb@redhat.com>
Date: Wed, 4 Aug 2021 12:23:05 +0200
Subject: [PATCH] Update STIG mapping table to reflect statistics of coverage.

---
 .../shared_xccdf-apply-overlay-stig.xslt      | 59 +++++++++++++------
 .../transforms/shared_xccdf2table-stig.xslt   | 28 +++++++++
 2 files changed, 68 insertions(+), 19 deletions(-)

diff --git a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
index 945f709b95..b7c000608c 100644
--- a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
+++ b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
@@ -28,26 +28,47 @@
       <xsl:variable name="overlay_ref" select="@disa"/>
       <xsl:variable name="overlay_title" select="xccdf:title/@text"/>
 
-      <xsl:for-each select="$rules">
-        <xsl:if test="@id=$overlay_rule">
-		  <Group id="V-{$overlay_id}">
-		    <title>SRG-OS-ID</title>
-		    <description></description>
-            <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >
-			<version><xsl:value-of select="$overlay_version"/></version>
-          	<title><xsl:value-of select="$overlay_title"/></title>
-          	<description><xsl:copy-of select="xccdf:rationale/node()" /></description>
-          	<check system="C-{$overlay_id}_chk">
-              <check-content>
-					      <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>
-              </check-content>
-          	</check>
-		  	<ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>
-          	<fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>
-          </Rule> 
+      <xsl:choose>
+        <xsl:when test="$overlay_rule='XXXX'">
+          <Group id="V-{$overlay_id}">
+            <title>SRG-OS-ID</title>
+            <description></description>
+                <Rule id="Missing Rule" severity="{$overlay_severity}" >
+          <version><xsl:value-of select="$overlay_version"/></version>
+                <title><xsl:value-of select="$overlay_title"/></title>
+                <description></description>
+                <check system="C-{$overlay_id}_chk">
+                  <check-content>
+                  </check-content>
+                </check>
+                <ident></ident>
+                <fixtext></fixtext>
+              </Rule>
           </Group>
-        </xsl:if>
-      </xsl:for-each> 
+        </xsl:when>
+        <xsl:otherwise>
+          <xsl:for-each select="$rules">
+            <xsl:if test="@id=$overlay_rule">
+          <Group id="V-{$overlay_id}">
+            <title>SRG-OS-ID</title>
+            <description></description>
+                <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >
+          <version><xsl:value-of select="$overlay_version"/></version>
+                <title><xsl:value-of select="$overlay_title"/></title>
+                <description><xsl:copy-of select="xccdf:rationale/node()" /></description>
+                <check system="C-{$overlay_id}_chk">
+                  <check-content>
+                    <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>
+                  </check-content>
+                </check>
+            <ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>
+                <fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>
+              </Rule>
+              </Group>
+            </xsl:if>
+          </xsl:for-each>
+        </xsl:otherwise>
+    </xsl:choose>
 
     </xsl:for-each> 
     </xsl:copy>
diff --git a/shared/transforms/shared_xccdf2table-stig.xslt b/shared/transforms/shared_xccdf2table-stig.xslt
index 3746c386c0..4c477542f4 100644
--- a/shared/transforms/shared_xccdf2table-stig.xslt
+++ b/shared/transforms/shared_xccdf2table-stig.xslt
@@ -20,6 +20,34 @@
 			</div>
 			<br/>
 			<br/>
+
+			<div>
+			<table>
+				<thead>
+				  <tr>
+					<th>Total</th>
+					<th>Missing</th>
+					<th>Implemented</th>
+					<th>Coverage</th>
+					<th>STIG ids missing rule</th>
+				  </tr>
+				</thead>
+				<tbody>
+				  <tr>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule))"/></td>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']))"/></td>
+					<td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']))"/></td>
+					<td><xsl:value-of select="format-number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']) div count(/cdf:Benchmark/cdf:Group/cdf:Rule)*100, '#.00')"/>%</td>
+					<td>
+						<xsl:for-each select="/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']">
+							<xsl:value-of select="cdf:version/node()"/><xsl:text>&#xd;</xsl:text>
+						</xsl:for-each>
+					</td>
+				  </tr>
+				</tbody>
+				</table>
+			</div>
+
 			<xsl:apply-templates select="cdf:Benchmark"/>
 		</body>
 		</html>
import scap-security-guide-0.1.57-3.el8 2021-08-24 22:41:12 +00:00			`From ea1bab197a17dd944e41a583c82c3cc757bb566b Mon Sep 17 00:00:00 2001`
			`From: Gabriel Becker <ggasparb@redhat.com>`
			`Date: Wed, 4 Aug 2021 12:23:05 +0200`
			`Subject: [PATCH] Update STIG mapping table to reflect statistics of coverage.`

			`---`
			`.../shared_xccdf-apply-overlay-stig.xslt \| 59 +++++++++++++------`
			`.../transforms/shared_xccdf2table-stig.xslt \| 28 +++++++++`
			`2 files changed, 68 insertions(+), 19 deletions(-)`

			`diff --git a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt`
			`index 945f709b95..b7c000608c 100644`
			`--- a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt`
			`+++ b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt`
			`@@ -28,26 +28,47 @@`
			`<xsl:variable name="overlay_ref" select="@disa"/>`
			`<xsl:variable name="overlay_title" select="xccdf:title/@text"/>`

			`- <xsl:for-each select="$rules">`
			`- <xsl:if test="@id=$overlay_rule">`
			`- <Group id="V-{$overlay_id}">`
			`- <title>SRG-OS-ID</title>`
			`- <description></description>`
			`- <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >`
			`- <version><xsl:value-of select="$overlay_version"/></version>`
			`- <title><xsl:value-of select="$overlay_title"/></title>`
			`- <description><xsl:copy-of select="xccdf:rationale/node()" /></description>`
			`- <check system="C-{$overlay_id}_chk">`
			`- <check-content>`
			`- <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>`
			`- </check-content>`
			`- </check>`
			`- <ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>`
			`- <fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>`
			`- </Rule>`
			`+ <xsl:choose>`
			`+ <xsl:when test="$overlay_rule='XXXX'">`
			`+ <Group id="V-{$overlay_id}">`
			`+ <title>SRG-OS-ID</title>`
			`+ <description></description>`
			`+ <Rule id="Missing Rule" severity="{$overlay_severity}" >`
			`+ <version><xsl:value-of select="$overlay_version"/></version>`
			`+ <title><xsl:value-of select="$overlay_title"/></title>`
			`+ <description></description>`
			`+ <check system="C-{$overlay_id}_chk">`
			`+ <check-content>`
			`+ </check-content>`
			`+ </check>`
			`+ <ident></ident>`
			`+ <fixtext></fixtext>`
			`+ </Rule>`
			`</Group>`
			`- </xsl:if>`
			`- </xsl:for-each>`
			`+ </xsl:when>`
			`+ <xsl:otherwise>`
			`+ <xsl:for-each select="$rules">`
			`+ <xsl:if test="@id=$overlay_rule">`
			`+ <Group id="V-{$overlay_id}">`
			`+ <title>SRG-OS-ID</title>`
			`+ <description></description>`
			`+ <Rule id="{$overlay_rule}" severity="{$overlay_severity}" >`
			`+ <version><xsl:value-of select="$overlay_version"/></version>`
			`+ <title><xsl:value-of select="$overlay_title"/></title>`
			`+ <description><xsl:copy-of select="xccdf:rationale/node()" /></description>`
			`+ <check system="C-{$overlay_id}_chk">`
			`+ <check-content>`
			`+ <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>`
			`+ </check-content>`
			`+ </check>`
			`+ <ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>`
			`+ <fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>`
			`+ </Rule>`
			`+ </Group>`
			`+ </xsl:if>`
			`+ </xsl:for-each>`
			`+ </xsl:otherwise>`
			`+ </xsl:choose>`

			`</xsl:for-each>`
			`</xsl:copy>`
			`diff --git a/shared/transforms/shared_xccdf2table-stig.xslt b/shared/transforms/shared_xccdf2table-stig.xslt`
			`index 3746c386c0..4c477542f4 100644`
			`--- a/shared/transforms/shared_xccdf2table-stig.xslt`
			`+++ b/shared/transforms/shared_xccdf2table-stig.xslt`
			`@@ -20,6 +20,34 @@`
			`</div>`
			`<br/>`
			`<br/>`
			`+`
			`+ <div>`
			`+ <table>`
			`+ <thead>`
			`+ <tr>`
			`+ <th>Total</th>`
			`+ <th>Missing</th>`
			`+ <th>Implemented</th>`
			`+ <th>Coverage</th>`
			`+ <th>STIG ids missing rule</th>`
			`+ </tr>`
			`+ </thead>`
			`+ <tbody>`
			`+ <tr>`
			`+ <td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule))"/></td>`
			`+ <td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']))"/></td>`
			`+ <td><xsl:value-of select="number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']))"/></td>`
			`+ <td><xsl:value-of select="format-number(count(/cdf:Benchmark/cdf:Group/cdf:Rule[@id!='Missing Rule']) div count(/cdf:Benchmark/cdf:Group/cdf:Rule)*100, '#.00')"/>%</td>`
			`+ <td>`
			`+ <xsl:for-each select="/cdf:Benchmark/cdf:Group/cdf:Rule[@id='Missing Rule']">`
			`+ <xsl:value-of select="cdf:version/node()"/><xsl:text> </xsl:text>`
			`+ </xsl:for-each>`
			`+ </td>`
			`+ </tr>`
			`+ </tbody>`
			`+ </table>`
			`+ </div>`
			`+`
			`<xsl:apply-templates select="cdf:Benchmark"/>`
			`</body>`
			`</html>`